Skip to content

ci: publish multi-arch supervisor image (linux/amd64 + linux/arm64)#4

Merged
pdettori merged 1 commit intomvpfrom
feat/publish-supervisor-multiarch
May 1, 2026
Merged

ci: publish multi-arch supervisor image (linux/amd64 + linux/arm64)#4
pdettori merged 1 commit intomvpfrom
feat/publish-supervisor-multiarch

Conversation

@pdettori
Copy link
Copy Markdown

@pdettori pdettori commented May 1, 2026

Summary

  • Adds a build-and-push-supervisor job to publish.yml, mirroring the existing gateway job
  • Builds the supervisor target from deploy/docker/Dockerfile.images for linux/amd64 and linux/arm64
  • Pushes to ghcr.io/kagenti/openshell/supervisor with the same tag scheme as the gateway (mvp-<sha> on branch push, v* on tags)
  • Scopes the GHA build cache by job (scope=gateway / scope=supervisor) to prevent cache key collisions between the two parallel jobs
  • Renames the workflow to Publish Images to reflect that it now covers both components

Why

The supervisor image (quay.io/azaalouk/openshell-supervisor:latest) is amd64-only. On Kind clusters running on macOS Apple Silicon (arm64), the arm64 variant of the sandbox base image is selected but the openshell-sandbox binary copied by supervisor-init is x86_64 — causing sandbox pods to fail with:

qemu-x86_64-static: Could not open '/lib64/ld-linux-x86-64.so.2': No such file or directory

The Dockerfile.images already has full cross-compilation support via deploy/docker/cross-build.sh. This PR just wires up CI to build and publish the supervisor image as a multi-arch manifest.

Test plan

  • PR CI passes (kagenti-ci.yml checks)
  • After merge to mvp, Publish Images workflow runs and pushes ghcr.io/kagenti/openshell/supervisor:mvp-<sha> with both linux/amd64 and linux/arm64 manifests
  • docker manifest inspect ghcr.io/kagenti/openshell/supervisor:mvp-<sha> shows both architectures
  • Follow-up PR in kagenti/kagenti wires --supervisor-image in the openshell Helm chart to use the new image tag

@pdettori
ci: publish multi-arch supervisor image on mvp branch
3b5309a 
Add build-and-push-supervisor job to publish.yml so the supervisor
image is built for linux/amd64 and linux/arm64 and pushed to
ghcr.io/kagenti/openshell/supervisor on every push to main/mvp.

Also scope the GHA build cache by job (gateway vs supervisor) to
prevent cache key collisions between the two parallel jobs.

Assisted-By: Claude (Anthropic AI) <noreply@anthropic.com>
Signed-off-by: Paolo Dettori <dettori@us.ibm.com>
@pdettori pdettori merged commit d2b21ab into mvp May 1, 2026
9 checks passed
@pdettori pdettori deleted the feat/publish-supervisor-multiarch branch May 1, 2026 15:30
@pdettori pdettori restored the feat/publish-supervisor-multiarch branch May 1, 2026 15:56
@pdettori pdettori mentioned this pull request May 1, 2026
Merged
pdettori added a commit to pdettori/kagenti that referenced this pull request May 1, 2026
@pdettori
fix(openshell): use multi-arch supervisor image from kagenti/OpenShell
ad0ce0f 
Add supervisorImage value (ghcr.io/kagenti/openshell/supervisor:latest)
and pass it as --supervisor-image to the compute driver, replacing the
hardcoded quay.io/azaalouk/openshell-supervisor:latest default which is
amd64-only.

The new image is built from kagenti/OpenShell@mvp for linux/amd64 and
linux/arm64, enabling sandbox pods to run on arm64 Kind clusters
(macOS Apple Silicon).

Closes: kagenti/OpenShell#4

Assisted-By: Claude (Anthropic AI) <noreply@anthropic.com>
Signed-off-by: Paolo Dettori <dettori@us.ibm.com>
@clawgenti clawgenti mentioned this pull request May 4, 2026
Closed
@xjacka xjacka mentioned this pull request May 4, 2026
Open
@clawgenti clawgenti mentioned this pull request May 4, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@pdettori